CVE-2025-61795 Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS
Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to...
CVE-2025-61795
CVE-2025-61795 is an Apache Tomcat DoS due to improper resource shutdown: when processing multipart uploads, temporary parts on disk may not be cleaned promptly, allowing resource exhaustion. Affects Tomcat 11.x (11.0.0-M1–11.0.11), 10.x (10.1.0-M1–10.1.46), and 9.x (9.0.0.M1–9.0.109); EOL 8.5.x ...
CVE-2025-55752 Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...
CVE-2025-55752
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...
CVE-2025-55752
CVE-2025-55752 describes a Relative Path Traversal in Apache Tomcat introduced by a fix for bug 60013, allowing manipulation of the request URI to bypass protections for /WEB-INF/ and /META-INF/ and, if PUTs are enabled, potentially upload of malicious files leading to remote code execution. Affe...
CVE-2025-55754
CVE-2025-55754 affects Apache Tomcat: improper neutralization of ANSI escape sequences in log messages could enable console/clipboard manipulation via crafted URLs. Affected: Tomcat 11.x (11.0.0-M1 to 11.0.10), 10.x (10.1.0-M1 to 10.1.44), 9.x (9.0.40 to 9.0.108), plus some EOL versions. Remediat...
EUVD-2025-36225
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...
CVE-2025-55754 Apache Tomcat: console manipulation via escape sequences in log messages
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...
Security Bulletin: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to an improper input validation vulnerability due to Apache Axis. CVE-2023-51441.
Summary: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to an improper input validation vulnerability due to Apache Axis. CVE-2023-51441. Vulnerability Details: CVEID: CVE-2023-51441. DESCRIPTION: UNSUPPORTED WHEN ASSIGNED Improper Input...
Apache Tomcat 10.1.0.M1 < 10.1.45 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.1.45. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_10.1.45_security-10 advisory. - Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regressi...
Apache Tomcat security vulnerability
Apache Tomcat is a lightweight web application server from the American Apache Foundation. It is used to implement support for Servlets and JavaServer Pages (JSP). A security vulnerability exists in Apache Tomcat that stems from not properly escaping ANSI escape sequences, which could lead to...
Apache Tomcat 9.0.0.M1 < 9.0.110
The version of Tomcat installed on the remote host is prior to 9.0.110. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.110_security-9 advisory. - Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceedin...
Apache Tomcat 11.0.0.M1 < 11.0.11 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 11.0.11. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_11.0.11_security-11 advisory. - Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regressi...
Apache Tomcat 11.0.0.M1 < 11.0.12
The version of Tomcat installed on the remote host is prior to 11.0.12. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_11.0.12_security-11 advisory. - Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceedi...
Apache Tomcat 10.1.0.M1 < 10.1.47
The version of Tomcat installed on the remote host is prior to 10.1.47. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.1.47_security-10 advisory. - Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceedi...
Malicious code in cdc-apache-cassandra (npm)
The package cdc-apache-cassandra was found to contain malicious code...
MAL-2025-48616 Malicious code in cdc-apache-cassandra (npm)
The package cdc-apache-cassandra was found to contain malicious code...
PT-2025-49099
Name of the Vulnerable Software and Affected Versions: tika-core versions 1.13 through 3.2.1; tika-parser-pdf-module versions 2.0.0 through 3.2.1; tika-parsers versions 1.13 through 1.28.5. Description: Apache Tika incorrectly handles XML external entities when parsing XFA (XML Forms Architecture) conte...